Are retargeting ads HIPAA compliant?

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. federal law that, among other things, sets national standards for protecting individually identifiable health information.

Covered entities (CEs) and their business associates (BAs) must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

The healthcare industry is vast, and it is important to advertise your organization effectively while remaining HIPAA compliant.

This is especially true with the recent digital transformation in healthcare and the current need to function more remotely.

RELATED: Historic Expansions of Telehealth to Combat COVID-19

Today, we will determine if retargeting ads are HIPAA compliant or not.

What are retargeting ads?

Retargeting, also known as remarketing, uses small snippets of code (tracking pixels) and cookies to recognize people who have already interacted with a site or brand and to show them ads elsewhere. The idea is to re-engage potential customers who have come across your brand and need a reminder.

RELATED: Is Facebook Pixel HIPAA Compliant?

Research shows that around 96% of visitors are not ready to contact or buy on a first visit.

There are several methods of retargeting, based on:

  • Search engine use (search retargeting)
  • Web site visits (site retargeting)
  • Prior search terms (SEM/SEO retargeting)
  • Actions taken from an email (email retargeting)
  • Pixel exchange between two highly relevant sites (contextual retargeting)
  • Type of action taken by a user (engagement retargeting)

Retargeting ads are normally found on search engines (e.g., Google and Bing) or social media platforms (e.g., Facebook and LinkedIn).

RELATED: Social Media & HIPAA Compliance: The Ultimate Guide

The Digital 2020 July Global Statshot report states that more than half of the world uses social media. That’s about 3.96 billion people.

Moreover, 81% of internet users aged 16 to 34 searched online for a product or service. Retargeting ads therefore have the potential to be profitable and effective.

Businesses, including in the healthcare industry, see retargeting as a possible communication tool.

Retargeting ads and HIPAA marketing

HHS guidance on the HIPAA Privacy Rule describes its marketing provisions as giving “individuals important controls over whether and how their [PHI] is used and disclosed for marketing purposes.”

In most cases, a CE must obtain a patient’s written authorization before using or disclosing PHI to market to them. Keep in mind that HIPAA distinguishes between communications it defines as marketing, which generally require authorization, and communications it excludes from that definition, such as those about a patient’s treatment or existing care, which do not.

RELATED: HIPAA Definition of Marketing Explained

HIPAA does not prohibit online marketing and advertising, and health consumers do search for and research CEs electronically.

Whether a campaign is HIPAA compliant depends on what information it uses and whether that use requires prior authorization. Authorization can be obtained from existing patients, but not from anonymous potential patients searching the Internet.

RELATED: Healthcare Ads and HIPAA Compliance: The Ultimate Guide

Say someone visits a CE’s page about a specific health condition and walks away from the computer. Then someone else sits down at the same browser and, on an unrelated site, sees the CE’s ad for that condition.

The first person’s interest in that condition, information the CE collected from a visitor to its own site, has been disclosed to whoever shares the device and to the ad vendor whose pixel recorded the visit, all without authorization. For a CE, that is exactly the kind of disclosure HIPAA exists to prevent, and it puts the CE in violation.

Is retargeting HIPAA compliant?

Unfortunately, retargeting is not HIPAA compliant. The pixels and cookies that drive it record what a visitor searched for, viewed, or clicked, tie those records to a persistent identifier, and send them to an ad vendor that in most cases has not signed a BAA. That is potential PHI exposure by design.

This is why some ad platforms, Google among them, restrict remarketing for health-related content. Keep in mind, however, that such a restriction does not make the platform itself HIPAA compliant.

If a CE wants to effectively advertise online, it must answer the following questions:

  • Will the advertiser (as a BA) sign a business associate agreement (BAA)?
  • If yes, how does the company use and share the data it collects?
  • Does the company use retargeting, and does it limit its use for CEs?

And whatever the answers, is it worth the risk of a HIPAA violation?
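For the third question, the fastest check is to audit your own pages for third-party tag loaders and pixel beacons rather than relying on a vendor’s answer. The scanner below is an added example written for this article, not Paubox code or any vendor’s SDK. The vendor host list and the sample HTML are constructed for illustration; extend the host list to cover the vendors your organization actually works with.

```python
"""Static audit of a page's HTML for retargeting pixels and tag loaders.

Added example for this article, not Paubox code. The vendor host list and
SAMPLE_HTML are constructed for illustration; extend RETARGETING_HOSTS to
cover the vendors your own site could plausibly load.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts that serve well-known retargeting/conversion tags (illustrative, not exhaustive).
RETARGETING_HOSTS = {
    "connect.facebook.net": "Meta Pixel loader (fbevents.js)",
    "www.facebook.com": "Meta Pixel image beacon (/tr)",
    "www.googletagmanager.com": "Google Tag Manager / gtag.js",
    "www.googleadservices.com": "Google Ads conversion tag",
    "googleads.g.doubleclick.net": "Google Ads remarketing",
    "snap.licdn.com": "LinkedIn Insight Tag",
    "bat.bing.com": "Microsoft Advertising UET tag",
}

# Calls that initialise a tag from inline JavaScript. They matter because the
# loader <script src> is often injected at runtime and never appears statically.
INLINE_MARKERS = ("fbq(", "gtag(", "_linkedin_partner_id", "uetq")


class TrackerScanner(HTMLParser):
    """Collects third-party script/img/iframe loads and inline tag calls."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []          # known retargeting vendors, in document order
        self.unknown_hosts = set()  # other third parties that deserve a manual look
        self._in_script = False
        self._script_markers = set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self._in_script = True
        if tag in ("script", "img", "iframe") and attrs.get("src"):
            self._classify(tag, attrs["src"])

    def handle_data(self, data):
        # Inline <script> bodies arrive here as raw text.
        if self._in_script:
            self._script_markers.update(m for m in INLINE_MARKERS if m in data)

    def handle_endtag(self, tag):
        if tag == "script":
            for marker in sorted(self._script_markers):
                self.findings.append(
                    {"tag": "inline-script", "url": None, "vendor": f"inline call {marker}"})
            self._script_markers = set()
            self._in_script = False

    def _classify(self, tag, url):
        host = urlparse(url).hostname  # None for relative URLs; "//host/path" resolves to host
        if host is None or host.lower() == self.site_host:
            return  # first-party resource, not a disclosure
        host = host.lower()
        if host in RETARGETING_HOSTS:
            # The beacon request carries the page URL (via Referer and/or query
            # parameters) together with the vendor's cookie, so a visit to a
            # condition-specific page is disclosed and tied to a persistent ID.
            self.findings.append({"tag": tag, "url": url, "vendor": RETARGETING_HOSTS[host]})
        else:
            self.unknown_hosts.add(host)


def scan_page(html, site_host):
    """Return (known retargeting findings, sorted list of other third-party hosts)."""
    scanner = TrackerScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings, sorted(scanner.unknown_hosts)


# Constructed sample: a condition page on a hypothetical clinic site (clinic.example).
SAMPLE_HTML = """<html><head>
<script async src="https://www.googletagmanager.com/gtag/js?id=AW-0000000000"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('config', 'AW-0000000000');
</script>
<script src="/static/app.js"></script>
</head><body>
<h1>Diabetes care</h1>
<img src="/static/logo.png" alt="clinic">
<noscript><img height="1" width="1" style="display:none"
  src="https://www.facebook.com/tr?id=000000000000000&amp;ev=PageView&amp;noscript=1"/></noscript>
<iframe src="https://maps.example-cdn.net/embed?q=clinic"></iframe>
</body></html>
"""

if __name__ == "__main__":
    findings, others = scan_page(SAMPLE_HTML, "clinic.example")
    for f in findings:
        print(f"{f['tag']:<14} {f['vendor']:<34} {f['url'] or ''}")
    print("other third-party hosts to review:", others)
```

Run it against the saved HTML of every page that names a condition, service line, or treatment. Anything in the findings list means a visitor’s page view, tied to the vendor’s cookie, left your site; anything in the other-hosts list deserves a manual look, because a tag manager or CDN script can load a retargeting pixel that never appears in the static HTML. A static scan is therefore a floor, not a ceiling: confirm with the browser’s network panel or a crawler that records live requests.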

Paubox Marketing—a sound alternative

While there are many ways that CEs can market to patients or potential patients, one of the best methods today is healthcare email marketing using HIPAA compliant email.

Paubox Marketing allows recipients to view marketing emails like regular emails but with strong encryption and email security at all times.

RELATED: Why Paubox Marketing is the Best HIPAA Email Marketing Solution Available

Paubox will not only sign a BAA but will also work tirelessly to keep you and your patients safe. No extra steps for the sender or the receiver and no worry about leaked PHI.

Use HIPAA compliant email marketing not only to create personalized marketing campaigns but also to maintain PHI security.

Try Paubox Marketing for free and make your email marketing HIPAA compliant today.

About the author

Kapua Iao